CakePHP 2: How to generate an sql insert script from an array - mysql

Can I generate an sql insert statement from an array returned by find methods?
Thanks.

Yes, You can.
After performing the find() operation iterate your data using foreach loop and make a string based insert query with ";" as separator after each insert query. Create a file with extension as .sql and use force download component to download it.
I have some sort of code that can help you. I'll try to give you the code soon.

Related

Insert JSON into multiple tables on Database in Mule

I am trying to insert the contents of an JSON to a MySql database using Mule ESB. The JSON looks like:
{
"id":106636,
"client_id":9999,
"comments":"Credit",
"salesman_name":"Salvador Dali",
"cart_items":[
{"citem_id":1066819,"quantity":3},
{"citem_id":1066820,"quantity":10}
]
}
On mule I want to insert all data on a step like:
Insert INTO order_header(id,client_id,comments,salesman_name)
Insert INTO order_detail(id,citem_id,quantity)
Insert INTO order_detail(id,citem_id,quantity)
Currently i have come this far on Mule:
MuleSoft Flow
Use Bulk Execute operation of Database Connector.
You will insert into multiple tables.
for ex :
Query text
Insert INTO order_header(payload.id,payload.client_id,payload.comments,payload.salesman_name);
Insert INTO order_detail(payload.id,payload.cart_items[0].citem_id,payload.cart_items[0].quantity); etc..
There is an excellant article here http://www.dotnetfunda.com/articles/show/2078/parse-json-keys-to-insert-records-into-postgresql-database-using-mule
that should be of help. You may need to modify as you need to write the order_header data first and then use a collection splitter for the order_detail and wrap the whole in a transaction.
Ok. Since, you have already converted JSON into Object in the flow, you can refer individual values with their object reference like obj.id, obj.client_id etc.
Get a database connector next.
Configure your MySQL database in "Connector Configuration".
Operation: Choose "Bulk execute"
In "Query text" : Write multiple INSERT queries and pass appropriate values from Object (converted from JSON). Remember to separate multiple queries with semicolon (;) in Query text.
That's it !! Let me know if you face any issue. Hope it works for you..

Can I pass a MYSQL function as a value through an HTML Form?

I have an HTML form that I'm using to submit some SQL data. I'd like to pass the MYSQL function LAST_INSERT_ID() as a value but when I do this there are single tick marks that get added the the function upon insert and it fails, like this 'LAST_INSERT_ID()'.
I want to be able to use this function so I can call what that ID was.
Is it possible to pass this function successfully?
No, you can't pass SQL code instead of values and have it automatically executed on the server.
(Can you imagine how that could have been used by someone with not so good intentions...?)
You could send a special "magic" value, that the code on the server would recognise, and change the query to use last_insert_id() for the value. (You could use the function name as magic value, but you should probably use something less obvious.)
To insert code in a query like that, you need to create the SQL query dynamically. When you create queries dynamically, make sure to escape values properly so that the code isn't open to SQL injection attacks.

Passing Dynamic code to MySQL execute

I am writing some reports code, which requires executing complex sql code and executing this using raw connection. I am good for the static paramteres but not sure how to handle the dynamic values.
I prepare the dynamic sql and then create a statement object
st = conn.prepare(dynamic_sql_string)
st.execute(dynamic values).
How do I create this dynamic values code?
In one it will be
st.execute(#first_name)
and in second case it will be
st.execute(#last_name).
How do I write this dynamic code?
Got it, you do this using
eval "st.execute(dynamic values").

Using raw sql in django

What would be the equivalent raw sql for the following:
def index:
Emails.objects.create(email=request.POST['invite_email'])
I have this so far, but I can't quite get the quotations working --
cursor = connection.cursor()
cursor.execute("insert into splash_emails (id, email) values ('0','request.POST[invite_email]')")
transaction.commit_unless_managed()
What would be correct way to write this, and is this the simplest way to perform raw sql?
If you ever want to see the queries django is using you can do:
emails = Emails.objects.create(email=request.POST['invite_email'])
print emails.query
It's a bit verbose, but you'll get the gist.
I think after reading the Django cookbook chapter on Security, you'll have a good idea on how to execute raw sql AND execute it safely.

regarding database security

I am using prepared statements with mysqli(); to insert and retrieve data on my website also i used bind_param so i don't add variables directly into the query.I used strip_tags to clean any inputs what else should i look out for ?
Don't use strip_tags() on database input: use htmlentites() (or urlencode() where appropriate) on browser output.